Security is one of the most critical components of your network infrastructure. A robust firewall, protection against DDoS attacks, and the installation of a Web Application Firewall (WAF) are essential to safeguard your network. In this article, we will present a step-by-step approach to closing security vulnerabilities in your network infrastructure.
The firewall is the first step in controlling your network traffic. Below is a basic firewall configuration using iptables on a Linux-based server.
Turkey (Türkçe)
Worldwide (English)
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables-save > /etc/iptables/rules.v4The above commands allow traffic from only specific ports and drop all other traffic. We save this configuration to /etc/iptables/rules.v4.
To protect against DDoS attacks, the fail2ban tool can be used. This tool automatically bans malicious IP addresses, reducing threats to your network.
sudo apt-get install fail2banAfter installation, open the /etc/fail2ban/jail.local file and add the following configuration:
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 600This configuration bans the IP address for 10 minutes after 5 failed login attempts.
You can protect your web applications by installing ModSecurity as a WAF. Follow these steps:
sudo apt-get install libapache2-mod-security2After installation, open the /etc/modsecurity/modsecurity.conf file and change the following line:
SecRuleEngine OnAfter activating ModSecurity, enhance your protection layer by installing the OWASP Core Rule Set.
wget https://github.com/coreruleset/coreruleset/archive/refs/heads/v3.3.2.zip
unzip v3.3.2.zip
sudo mv coreruleset-3.3.2 /usr/local/modsecurity-crs
sudo cp /usr/local/modsecurity-crs/crs-setup.conf.example /usr/local/modsecurity-crs/crs-setup.confFinally, add the following lines to your Apache configuration file:
IncludeOptional /usr/local/modsecurity-crs/crs-setup.conf
IncludeOptional /usr/local/modsecurity-crs/rules/*.confIn this article, we examined the necessary steps to close security vulnerabilities in your network infrastructure. By implementing a firewall, DDoS protection, and WAF installations, you can make your network more secure. Remember, network security is an ongoing process, and you should regularly update your measures.
Copyright © 2026 All Rights Reserved
